Fix tmp volume mounts not being consistent (#68)

* Fix tmp volume mounts not being consistent * Fix falseness check in template * Use configurable tmpVolumeSize * It appears we need to compare to strings
opf · Jan 9, 2024 · ab8b83d · ab8b83d
1 parent 7355cbd
commit ab8b83d
Show file tree

Hide file tree

Showing 6 changed files with 58 additions and 70 deletions.
diff --git a/.changeset/soft-swans-try.md b/.changeset/soft-swans-try.md
@@ -0,0 +1,5 @@
+---
+"@openproject/helm-charts": minor
+---
+
+Fix tmp volume mounts not being consistent
diff --git a/charts/openproject/templates/_helpers.tpl b/charts/openproject/templates/_helpers.tpl
@@ -36,10 +36,47 @@ securityContext:
 {{- end }}
 {{- end }}
 
+
 {{- define "openproject.useTmpVolumes" -}}
-{{- if (default .Values.useTmpVolumes (not .Values.develop)) -}}
-  {{- true -}}
+{{- if ne .Values.openproject.useTmpVolumes nil -}}
+  {{- .Values.openproject.useTmpVolumes -}}
+{{- else -}}
+  {{- (not .Values.develop) -}}
+{{- end -}}
 {{- end -}}
+
+{{- define "openproject.tmpVolumeMounts" -}}
+{{- if eq (include "openproject.useTmpVolumes" .) "true" }}
+- mountPath: /tmp
+  name: tmp
+- mountPath: /app/tmp
+  name: app-tmp
+{{- end }}
+{{- end -}}
+
+{{- define "openproject.tmpVolumeSpec" -}}
+{{- if eq (include "openproject.useTmpVolumes" .) "true" }}
+- name: tmp
+  # we can't use emptyDir due to the sticky bit issue
+  # see: https://github.com/kubernetes/kubernetes/issues/110835
+  ephemeral:
+    volumeClaimTemplate:
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        resources:
+          requests:
+            storage: {{ .Values.openproject.tmpVolumesStorage }}
+- name: app-tmp
+  # we can't use emptyDir due to the sticky bit / world writable issue
+  # see: https://github.com/kubernetes/kubernetes/issues/110835
+  ephemeral:
+    volumeClaimTemplate:
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        resources:
+          requests:
+            storage: {{ .Values.openproject.tmpVolumesStorage }}
+{{- end }}
 {{- end -}}
 
 {{- define "openproject.envFrom" -}}

diff --git a/charts/openproject/templates/seeder-job.yaml b/charts/openproject/templates/seeder-job.yaml
@@ -26,18 +26,7 @@ spec:
         {{ toYaml . | nindent 8 | trim }}
       {{- end }}
       volumes:
-        {{- if (include "openproject.useTmpVolumes" .) }}
-        - name: tmp
-          # we can't use emptyDir due to the sticky bit issue
-          # see: https://github.com/kubernetes/kubernetes/issues/110835
-          ephemeral:
-            volumeClaimTemplate:
-              spec:
-                accessModes: ["ReadWriteOnce"]
-                resources:
-                  requests:
-                    storage: 1Gi
-        {{- end }}
+        {{- include "openproject.tmpVolumeSpec" . | indent 8 }}
         {{- if .Values.persistence.enabled }}
         - name: "data"
           persistentVolumeClaim:
@@ -67,10 +56,7 @@ spec:
           {{- include "openproject.envFrom" . | nindent 10 }}
           {{- include "openproject.env" . | nindent 10 }}
           volumeMounts:
-            {{- if (include "openproject.useTmpVolumes" .) }}
-            - mountPath: /tmp
-              name: tmp
-            {{- end }}
+            {{- include "openproject.tmpVolumeMounts" . | indent 12 }}
             {{- if .Values.persistence.enabled }}
             - name: "data"
               mountPath: "/var/openproject/assets"

diff --git a/charts/openproject/templates/web-deployment.yaml b/charts/openproject/templates/web-deployment.yaml
@@ -46,28 +46,7 @@ spec:
       {{- include "openproject.podSecurityContext" . | indent 6 }}
       serviceAccountName: {{ include "common.names.fullname" . }}
       volumes:
-        {{- if (include "openproject.useTmpVolumes" .) }}
-        - name: tmp
-          # we can't use emptyDir due to the sticky bit issue
-          # see: https://github.com/kubernetes/kubernetes/issues/110835
-          ephemeral:
-            volumeClaimTemplate:
-              spec:
-                accessModes: ["ReadWriteOnce"]
-                resources:
-                  requests:
-                    storage: 1Gi
-        - name: app-tmp
-          # we can't use emptyDir due to the sticky bit / world writable issue
-          # see: https://github.com/kubernetes/kubernetes/issues/110835
-          ephemeral:
-            volumeClaimTemplate:
-              spec:
-                accessModes: ["ReadWriteOnce"]
-                resources:
-                  requests:
-                    storage: 1Gi
-        {{- end }}
+        {{- include "openproject.tmpVolumeSpec" . | indent 8 }}
         {{- if .Values.egress.tls.rootCA.fileName }}
         - name: ca-pemstore
           configMap:
@@ -96,12 +75,7 @@ spec:
           {{- include "openproject.envFrom" . | nindent 10 }}
           {{- include "openproject.env" . | nindent 10 }}
           volumeMounts:
-            {{- if (include "openproject.useTmpVolumes" .) }}
-            - mountPath: /tmp
-              name: tmp
-            - mountPath: /app/tmp
-              name: app-tmp
-            {{- end }}
+            {{- include "openproject.tmpVolumeMounts" . | indent 12 }}
             {{- if .Values.persistence.enabled }}
             - name: "data"
               mountPath: "/var/openproject/assets"

diff --git a/charts/openproject/templates/worker-deployment.yaml b/charts/openproject/templates/worker-deployment.yaml
@@ -46,21 +46,7 @@ spec:
       {{- include "openproject.podSecurityContext" . | indent 6 }}
       serviceAccountName: {{ include "common.names.fullname" . }}
       volumes:
-        {{- if (include "openproject.useTmpVolumes" .) }}
-        - name: tmp
-          # we can't use emptyDir due to the sticky bit issue
-          # see: https://github.com/kubernetes/kubernetes/issues/110835
-          ephemeral:
-            volumeClaimTemplate:
-              spec:
-                accessModes: ["ReadWriteOnce"]
-                resources:
-                  requests:
-                    # the worker may need a lot of memory in case of big exports
-                    # or backups
-                    # @todo put this into a separate PVC per replica
-                    storage: 5Gi
-        {{- end }}
+        {{- include "openproject.tmpVolumeSpec" . | indent 8 }}                     
         {{- if .Values.egress.tls.rootCA.fileName }}
         - name: ca-pemstore
           configMap:
@@ -92,10 +78,7 @@ spec:
             - bash
             - /app/docker/prod/worker
           volumeMounts:
-            {{- if (include "openproject.useTmpVolumes" .) }}
-            - mountPath: /tmp
-              name: tmp
-            {{- end }}
+            {{- include "openproject.tmpVolumeMounts" . | indent 12 }}
             {{- if .Values.persistence.enabled }}
             - name: "data"
               mountPath: "/var/openproject/assets"

diff --git a/charts/openproject/values.yaml b/charts/openproject/values.yaml
@@ -294,6 +294,14 @@ openproject:
   #
   postgresStatementTimeout: 120s
 
+  ## Whether or not to use ephemeral volumes for /app/tmp and /tmp.
+  ## Falls back to a sensible default if undefined.
+  #
+  useTmpVolumes:
+
+  ## customize the tmp storage mount sizes
+  tmpVolumesStorage: "5Gi"
+
 ## Whether to allocate persistent volume disk for the data directory.
 ## In case of node failure, the node data directory will still persist.
 ##
@@ -555,11 +563,6 @@ replicaCount: 1
 #
 backgroundReplicaCount: 1
 
-## Whether or not to use ephemeral volumes for /app/tmp and /tmp.
-## Falls back to a sensible default if undefined.
-#
-useTmpVolumes:
-
 ## Configure resource requests and limits.
 ##
 ## http://kubernetes.io/docs/user-guide/compute-resources/